CVE-2007-4033
Published: 27 July 2007
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
From the Ubuntu Security Team
It was discovered that t1lib does not properly perform bounds checking, which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib, which could result in a DoS or arbitrary code execution.
Notes
Author | Note |
---|---|
jdstrand | while tetex-bin and texlive-bin have embedded t1lib code, it's not used |
Priority
Status
Package | Release | Status |
---|---|---|
t1lib | dapper | Released (5.1.0-2ubuntu0.6.06.1) |
t1lib | edgy | Released (5.1.0-2ubuntu0.6.10.1) |
t1lib | feisty | Released (5.1.0-2ubuntu0.7.04.1) |
t1lib | upstream | Needs triage |
tetex-bin | dapper | Not vulnerable (links to t1lib) |
tetex-bin | edgy | Not vulnerable (links to t1lib) |
tetex-bin | feisty | Not vulnerable (links to t1lib) |
tetex-bin | gutsy | Does not exist |
tetex-bin | upstream | Needs triage |
texlive-bin | dapper | Does not exist |
texlive-bin | edgy | Not vulnerable (links to t1lib) |
texlive-bin | feisty | Not vulnerable (links to t1lib) |
texlive-bin | gutsy | Not vulnerable (links to t1lib) |
texlive-bin | upstream | Needs triage |